Network Security Assessment

Network Security Assessment. By Chris McNab; published by O'Reilly & Associates, 800/998-9938 (phone), (Web); 371 pages; $39.95.

Risks to computer networks propagate as quickly as computer technology develops, if not faster. Regularly assessing network security is critical. Hackers are skilled at detecting even the slightest vulnerability left exposed for the slimmest amount of time.

That's where Network Security Assessment comes in. This well-organized book presents the tools and techniques necessary to identify and assess risks in computer networks. A professional security tester who has successfully penetrated many networks, the author explains how to conduct a structured and logical network security assessment.

Readers will find cogent explanations of the many tools used by hackers to break into systems. Even experienced penetration testers are likely to learn about new and useful tools. The book also discusses the many ways an attacker can discover the existence and makeup of a network; the discussion is alarming and eye-opening.

Most of the book consists of chapters that focus on how to assess different components and services on a network, such as Web applications, databases, Windows services, and e-mail. Each chapter features numerous examples and screen shots of what exploits look like and how to correctly use assessment tools.

Penetration testers and network security administrators will find much to commend in this book. Nontechnical readers will find that the author does an excellent job of explaining complex protocols, tools, and concepts.

Reviewer: Steven Weil, CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CBCP (Certified Business Continuity Professional), is senior security consultant with Seitel Leeds & Associates, a full-service consulting firm based in Seattle. He specializes in security policy development, HIPAA compliance, disaster recovery planning, security assessments, and information security management.